Taking a closer look at POS malware

A Symantec report on PoS malware from last September looked closely at what happens during a PoS attack. The report broke the process down into several steps, from infiltration to data capture, before the compromised information is transmitted back to the criminals organizing the attack. Likewise, the report recommends a multi-step approach to prevention that includes SSL certificates and host-based access controls to make PoS use safer.

In many environments, having multiple forms of security adds protection for business owners, and the PoS setup is no exception. There are additional concerns with the appearance of specific malware strains that target PoS terminals.

A Dark Reading piece from last November recorded the dangers of ModPOS, a piece of software that can avoid detection while potentially packing hundreds of functions into a single piece of code. Maria Noboa of iSIGHT Partners told the source that this program represents a major threat for businesses with POS systems.

"This is by far the most sophisticated PoS malware I've ever seen," she said. "It took us two to three weeks just to determine it was malicious." 

A more recent POS malware scare came in the form of Treasurehunt. A report from Nart Villeneuve of FireEye connected the changes in malware with the shift to EMV cards. Since the malware currently used to target POS terminals may not always work, Villeneuve said, criminals could choose to use it now, while retailers struggle to transition to the new card-reading hardware.

All of this shows the continuing importance of obtaining the latest systems to meet the most recent malware threats as they arise. Choose credit card POS software that matches business priorities as new programs become more prominent threats.
